diff options
| -rw-r--r-- | pkg/requirements.pip | 1 | ||||
| -rw-r--r-- | setup.py | 1 | ||||
| -rw-r--r-- | src/leap/bitmask/vpn/helpers/linux/polkit_agent.py | 82 | ||||
| -rw-r--r-- | src/leap/bitmask/vpn/launchers/linux.py | 5 | ||||
| -rw-r--r-- | src/leap/bitmask/vpn/privilege.py | 32 | 
5 files changed, 97 insertions, 24 deletions
| diff --git a/pkg/requirements.pip b/pkg/requirements.pip index a34f8295..80dca0bf 100644 --- a/pkg/requirements.pip +++ b/pkg/requirements.pip @@ -2,6 +2,7 @@ twisted  colorama  zope.interface  service-identity +python-daemon  gnupg  leap.common>=0.5.5  leap.soledad.client>=0.9.5 @@ -18,6 +18,7 @@ required = [      'service-identity',      'colorama',      'srp', +    'python-daemon',      'leap.common',  ] diff --git a/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py new file mode 100644 index 00000000..10bf7db1 --- /dev/null +++ b/src/leap/bitmask/vpn/helpers/linux/polkit_agent.py @@ -0,0 +1,82 @@ +# -*- coding: utf-8 -*- +# polkit_agent.py +# Copyright (C) 2013 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program.  If not, see <http://www.gnu.org/licenses/>. + +""" +Daemonizes polkit authentication agent. +""" + +import os +import subprocess + +import daemon + + +POLKIT_PATHS = ( +    '/usr/lib/lxpolkit/lxpolkit', +    '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1', +    '/usr/lib/mate-polkit/polkit-mate-authentication-agent-1', +    '/usr/lib/kde4/libexec/polkit-kde-authentication-agent-1', +) + + +# TODO write tests for this piece. +def _get_polkit_agent(): +    """ +    Return a valid polkit agent to use. + +    :rtype: str or None +    """ +    # TODO: in caso of having more than one polkit agent we may want to +    # stablish priorities. E.g.: lxpolkit over gnome-polkit for minimalistic +    # desktops. +    for polkit in POLKIT_PATHS: +        if os.path.isfile(polkit): +            return polkit + +    return None + + +def _launch_agent(): +    """ +    Launch a polkit authentication agent on a subprocess. +    """ +    polkit_agent = _get_polkit_agent() + +    if polkit_agent is None: +        print("No usable polkit was found.") +        return + +    print('Launching polkit auth agent') +    try: +        # XXX fix KDE launch. See: #3755 +        subprocess.call(polkit_agent) +    except Exception as e: +        print('Error launching polkit authentication agent %r' % (e, )) + + +def launch(): +    """ +    Launch a polkit authentication agent as a daemon. +    """ +    with daemon.DaemonContext(): +        _launch_agent() + + +if __name__ == "__main__": +    # TODO pass a --nodaemon flag so that we can launch this in the foreground +    # and debug this module, getting errors to stderr. +    launch() diff --git a/src/leap/bitmask/vpn/launchers/linux.py b/src/leap/bitmask/vpn/launchers/linux.py index 5852d1e5..d68d6ef1 100644 --- a/src/leap/bitmask/vpn/launchers/linux.py +++ b/src/leap/bitmask/vpn/launchers/linux.py @@ -21,18 +21,13 @@ Linux VPN launcher implementation.  import commands  import os -import sys  from twisted.logger import Logger  from leap.bitmask.util import STANDALONE  from leap.bitmask.vpn.utils import first, force_eval  from leap.bitmask.vpn.privilege import LinuxPolicyChecker -from leap.bitmask.vpn.privilege import NoPkexecAvailable -from leap.bitmask.vpn.privilege import NoPolkitAuthAgentAvailable  from leap.bitmask.vpn.launcher import VPNLauncher -from leap.bitmask.vpn.launcher import VPNLauncherException -from leap.common.config import get_path_prefix  logger = Logger()  COM = commands diff --git a/src/leap/bitmask/vpn/privilege.py b/src/leap/bitmask/vpn/privilege.py index 2576877a..4617aedf 100644 --- a/src/leap/bitmask/vpn/privilege.py +++ b/src/leap/bitmask/vpn/privilege.py @@ -169,26 +169,20 @@ class LinuxPolicyChecker(PolicyChecker):      @classmethod      def launch(self):          """ -        Tries to launch policykit +        Tries to launch policykit.          """ -        env = None -        if STANDALONE: -            # This allows us to send to subprocess the environment configs that -            # works for the standalone bundle (like the PYTHONPATH) -            env = dict(os.environ) -            # The LD_LIBRARY_PATH is set on the launcher but not forwarded to -            # subprocess unless we do so explicitly. -            env["LD_LIBRARY_PATH"] = os.path.abspath("./lib/") -        try: -            # We need to quote the command because subprocess call -            # will do "sh -c 'foo'", so if we do not quoute it we'll end -            # up with a invocation to the python interpreter. And that -            # is bad. -            log.debug('Trying to launch polkit agent') -            subprocess.call(["python -m leap.bitmask.util.polkit_agent"], -                            shell=True, env=env) -        except Exception: -            log.failure('Error while launching vpn') +        if not self.is_up(): +            try: +                # We need to quote the command because subprocess call +                # will do "sh -c 'foo'", so if we do not quoute it we'll end +                # up with a invocation to the python interpreter. And that +                # is bad. +                log.debug('Trying to launch polkit agent') +                subprocess.call( +                    ["python -m leap.bitmask.vpn.helpers.linux.polkit_agent"], +                    shell=True) +            except Exception: +                log.failure('Error while launching vpn')      @classmethod      def is_up(self): | 
